Autopsy  4.21.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
OtherOccurrencesNodeWorker.java
1 /*
2  * Central Repository
3  *
4  * Copyright 2021 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.centralrepository.contentviewer;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.HashMap;
24 import java.util.HashSet;
25 import java.util.Map;
26 import java.util.Set;
27 import java.util.logging.Level;
28 import javax.swing.SwingWorker;
29 import org.openide.nodes.Node;
41 import org.sleuthkit.datamodel.AbstractFile;
42 import org.sleuthkit.datamodel.AnalysisResult;
43 import org.sleuthkit.datamodel.BlackboardArtifactTag;
44 import org.sleuthkit.datamodel.Content;
45 import org.sleuthkit.datamodel.ContentTag;
46 import org.sleuthkit.datamodel.DataArtifact;
47 import org.sleuthkit.datamodel.OsAccount;
48 import org.sleuthkit.datamodel.TskException;
49 
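/**
 * Background worker that collects the "other occurrences" data for the item
 * represented by a {@link Node}: the correlation attributes derived from the
 * node's content (or OS account), the number of correlated instances, and the
 * cases and data sources those instances belong to.
 */
class OtherOccurrencesNodeWorker extends SwingWorker<OtherOccurrencesData, Void> {

    private static final Logger logger = Logger.getLogger(OtherOccurrencesNodeWorker.class.getName());

    private final Node node;

    /**
     * Creates a worker for the given node.
     *
     * @param node The node whose lookup supplies the OS account, file, content
     *             item or tags to correlate on.
     */
    OtherOccurrencesNodeWorker(Node node) {
        this.node = node;
    }

    /**
     * Builds the correlation attributes for the node and counts their
     * correlated instances.
     *
     * @return The collected data, or {@code null} when the central repository
     *         is disabled, when the data source of the selected file cannot be
     *         read, or when the worker was cancelled.
     *
     * @throws Exception Anything thrown by the calls below that is not handled
     *                   here, for example when there is no current case.
     */
    @Override
    protected OtherOccurrencesData doInBackground() throws Exception {
        if (!CentralRepository.isEnabled()) {
            return null;
        }

        OsAccount osAccount = node.getLookup().lookup(OsAccount.class);
        Case currentCase = Case.getCurrentCaseThrows();

        // The file identifies the currently selected item, so that its own
        // correlation instance can be told apart from the other occurrences.
        AbstractFile file = node.getLookup().lookup(AbstractFile.class);
        String deviceId = "";
        String dataSourceName = "";
        try {
            if (file != null) {
                Content dataSource = file.getDataSource();
                deviceId = currentCase.getSleuthkitCase().getDataSource(dataSource.getId()).getDeviceId();
                dataSourceName = dataSource.getName();
            }
        } catch (TskException ex) {
            logger.log(Level.WARNING, "Exception occurred while trying to get the data source, current case, and device id for an AbstractFile in the other occurrences viewer", ex);
            return null;
        }

        Collection<CorrelationAttributeInstance> correlationAttributes = new ArrayList<>();
        if (osAccount != null) {
            correlationAttributes.addAll(OtherOccurrences.getCorrelationAttributeFromOsAccount(node, osAccount));
        } else {
            Content content = findContent();
            if (content instanceof AbstractFile) {
                correlationAttributes.addAll(CorrelationAttributeUtil.makeCorrAttrsForSearch((AbstractFile) content));
            } else if (content instanceof AnalysisResult) {
                correlationAttributes.addAll(CorrelationAttributeUtil.makeCorrAttrsForSearch((AnalysisResult) content));
            } else if (content instanceof DataArtifact) {
                correlationAttributes.addAll(CorrelationAttributeUtil.makeCorrAttrsForSearch((DataArtifact) content));
            }
        }

        int totalCount = 0;
        Set<String> dataSources = new HashSet<>();
        Map<String, CorrelationCase> caseNames = new HashMap<>();
        // Reuse the case obtained above so the whole run works against one
        // case object instead of asking for the current case a second time.
        String currentCaseName = currentCase.getName();
        for (CorrelationAttributeInstance corAttr : correlationAttributes) {
            // Stop before querying the next attribute: once cancelled, the
            // result is discarded, so further lookups would be wasted work.
            if (isCancelled()) {
                break;
            }
            for (NodeData nodeData : OtherOccurrences.getCorrelatedInstances(deviceId, dataSourceName, corAttr).values()) {
                try {
                    CorrelationCase correlationCase = nodeData.getCorrelationAttributeInstance().getCorrelationCase();
                    String caseUuid = correlationCase.getCaseUUID();
                    // NOTE(review): the current case's *name* is compared with
                    // the correlation case's *UUID*. This only filters out the
                    // open case if the central repository stores the case name
                    // as that UUID - confirm against the code that creates
                    // CorrelationCase.
                    if (!currentCaseName.equals(caseUuid)) {
                        dataSources.add(OtherOccurrences.makeDataSourceString(caseUuid, nodeData.getDeviceID(), nodeData.getDataSourceName()));
                        caseNames.put(caseUuid, correlationCase);
                    }
                } catch (CentralRepoException ex) {
                    logger.log(Level.WARNING, "Unable to get correlation case for displaying other occurrence for case: " + nodeData.getCaseName(), ex);
                }
                // Every instance is counted, including those of the current
                // case and those whose correlation case could not be read.
                totalCount++;
                if (isCancelled()) {
                    break;
                }
            }
        }

        if (isCancelled()) {
            return null;
        }
        return new OtherOccurrencesData(correlationAttributes, file, dataSourceName, deviceId, caseNames, totalCount, dataSources.size(), OtherOccurrences.getEarliestCaseDate());
    }

    /**
     * Finds the content to correlate on when the node has no OS account.
     *
     * @return The content of the node's {@code TskContentItem}; if there is
     *         none, the artifact of its blackboard artifact tag or else the
     *         content of its content tag; {@code null} if none is present.
     */
    private Content findContent() {
        TskContentItem<?> contentItem = node.getLookup().lookup(TskContentItem.class);
        if (contentItem != null) {
            return contentItem.getTskContent();
        }
        // Fall back to the tags; both lookups are done before either is used.
        ContentTag nodeContentTag = node.getLookup().lookup(ContentTag.class);
        BlackboardArtifactTag nodeBbArtifactTag = node.getLookup().lookup(BlackboardArtifactTag.class);
        if (nodeBbArtifactTag != null) {
            return nodeBbArtifactTag.getArtifact();
        }
        if (nodeContentTag != null) {
            return nodeContentTag.getContent();
        }
        return null;
    }

    /**
     * Result of the worker. The getters return the very objects handed to the
     * constructor (no defensive copies), so the map and the collection are
     * shared with whoever reads them.
     */
    static class OtherOccurrencesData {

        private final String deviceId;
        private final AbstractFile file;
        private final String dataSourceName;
        private final Map<String, CorrelationCase> caseMap;
        private final int instanceDataCount;
        private final int dataSourceCount;
        private final String earliestCaseDate;
        private final Collection<CorrelationAttributeInstance> correlationAttributes;

        private OtherOccurrencesData(Collection<CorrelationAttributeInstance> correlationAttributes, AbstractFile file, String dataSourceName, String deviceId, Map<String, CorrelationCase> caseMap, int instanceCount, int dataSourceCount, String earliestCaseDate) {
            this.file = file;
            this.deviceId = deviceId;
            this.dataSourceName = dataSourceName;
            this.caseMap = caseMap;
            this.instanceDataCount = instanceCount;
            this.dataSourceCount = dataSourceCount;
            this.earliestCaseDate = earliestCaseDate;
            this.correlationAttributes = correlationAttributes;
        }

        /** @return The device id of the selected file's data source, or "" if no file was selected. */
        public String getDeviceId() {
            return deviceId;
        }

        /** @return The file found in the node's lookup; may be {@code null}. */
        public AbstractFile getFile() {
            return file;
        }

        /** @return The name of the selected file's data source, or "" if no file was selected. */
        public String getDataSourceName() {
            return dataSourceName;
        }

        /** @return The correlation cases of the counted instances, keyed by case UUID. */
        public Map<String, CorrelationCase> getCaseMap() {
            return caseMap;
        }

        /** @return The number of correlated instances that were visited. */
        public int getInstanceDataCount() {
            return instanceDataCount;
        }

        /** @return The number of distinct data source strings collected. */
        public int getDataSourceCount() {
            return dataSourceCount;
        }

        /** @return The value of {@code OtherOccurrences.getEarliestCaseDate()} taken when the worker finished. */
        public String getEarliestCaseDate() {
            return earliestCaseDate;
        }

        /** @return The correlation attributes built for the node. */
        public Collection<CorrelationAttributeInstance> getCorrelationAttributes() {
            return correlationAttributes;
        }
    }
}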
